GAO: Protection center inadequate

GAO: Protection center inadequate

Jun 22, 2001

BY PREETI VASISHTHA | GCN STAFF

The National Infrastructure Protection Center has not yet developed analytical and information-sharing capabilities to adequately protect the nation's critical infrastructures, the General Accounting Office has asserted.

The center has issued analyses of single incidents, but it has limited ability to assess data on threat and vulnerability trends, according to a May GAO report, Critical Infrastructure Protection: Significant Challenges in Developing National Capabilities.

A major problem is that the center, which works under the auspices of the FBI, does not have adequate staff or technical expertise, GAO noted.

Also, no one has fully defined NIPC's responsibilities nor laid out how the center should collaborate with agencies that protect the government's critical infrastructure, the congressional watchdog agency said.

The center has provided technical support to the FBI on systems attacks, GAO said. But progress has been mixed in establishing information-sharing partnerships with private-sector and other government groups.

GAO calls for NIPC changes

' Develop a comprehensive data collection and analysis framework

' Establish a national program for issuing alerts about cyberattacks

' Define its role in relation to other government agencies and the private sector

In a written response to GAO, NIPC director Ronald Dick said it's important that the center have adequate staffing, particularly from defense and intelligence communities.

He also emphasized that the center has been in existence for three years and its performance should be measured accordingly.

GAO also suggested that the assistant to the president for national security affairs encourage agencies and private-sector groups to better identify information necessary to combat computer attacks. The White House adviser should also make sure there are no discrepancies in how agencies report computer incident reporting, GAO said.

It further recommended that the attorney general have the FBI director formalize information-sharing relationships between NIPC and other organizations.